PuterCare 4 Posted January 17, 2023 Posted January 17, 2023 I have been successfully deploying the Protect agent via Intune for a while now using the steps here: https://support.eset.com/en/kb7846-deploy-eset-management-agent-using-microsoft-intune-microsoft-endpoint-manager Since late last year, I have had users reporting a Windows toast notification to say the agent installation has failed. I believe the cause is that the agent auto-updates itself and that breaks the detection rule which uses the MSI product code from the version I deployed myself. Is there a regkey that stores the agent version info that I can use for my detection rule to say equal or greater than? Thanks
Solution PuterCare 4 Posted January 19, 2023 Author Solution Posted January 19, 2023 I have found the regkey so will work on a custom detection rule now, in case it helps others: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info\ProductVersion
ESET Staff MartinK 384 Posted January 20, 2023 ESET Staff Posted January 20, 2023 21 hours ago, PuterCare said: I have found the regkey so will work on a custom detection rule now, in case it helps others: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ESET\RemoteAdministrator\Agent\CurrentVersion\Info\ProductVersion Indeed AGENT stores it's own version and other similar details here. Another alternative might be to search for version in the "MSI" database in registries, but it has no fixed location, so it would be less reliable = but on other side, it will correspond to data as shown in Windows itself and also in the console.
PuterCare 4 Posted January 20, 2023 Author Posted January 20, 2023 29 minutes ago, MartinK said: Indeed AGENT stores it's own version and other similar details here. Another alternative might be to search for version in the "MSI" database in registries, but it has no fixed location, so it would be less reliable = but on other side, it will correspond to data as shown in Windows itself and also in the console. I changed my detection rule from MSI to registry, compare version, greater than or equal to and then use the version of the agent I am deploying manually. I need to test it fixes the issue but now if the PROTECT server auto-updates the agent, then my detection rule should still apply.
Recommended Posts